Overview

overview

10

Static

static

3

POHT320ML-...26.exe

windows7-x64

1

POHT320ML-...26.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    POHT320ML-230000026.exe

  • Size

    1012KB

  • Sample

    230508-jca42ahe37

  • MD5

    1e83c4305573d2474cff4b83f5f5566e

  • SHA1

    4ae7e03082ec4660fe2787c0b512d21dc5367998

  • SHA256

    b092e2388c1f790870d97b73440930d4e0c134610c17091e8987622745a0cc48

  • SHA512

    fb470979803e8e9ffbd40dc6564e348719436b7ac6cdd05a1d41bc6e89682c344751f948d9e3d8531e620453a725c9c1694e51bacbfd89f8f549e37ee5f85ac5

  • SSDEEP

    12288:/cgBnwlSWJwXmZbMRaVb1tQUlhJGEy24XrmTVBHZowtet8zzQRDmwsEiHXl6mhuw:di9gRchxl3Z34XrmJGqOFi3MmA

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Targets

    • Target

      POHT320ML-230000026.exe

    • Size

      1012KB

    • MD5

      1e83c4305573d2474cff4b83f5f5566e

    • SHA1

      4ae7e03082ec4660fe2787c0b512d21dc5367998

    • SHA256

      b092e2388c1f790870d97b73440930d4e0c134610c17091e8987622745a0cc48

    • SHA512

      fb470979803e8e9ffbd40dc6564e348719436b7ac6cdd05a1d41bc6e89682c344751f948d9e3d8531e620453a725c9c1694e51bacbfd89f8f549e37ee5f85ac5

    • SSDEEP

      12288:/cgBnwlSWJwXmZbMRaVb1tQUlhJGEy24XrmTVBHZowtet8zzQRDmwsEiHXl6mhuw:di9gRchxl3Z34XrmJGqOFi3MmA

    Score
    10/10
    blustealercollectionstealer

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks